Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suitecrm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2020-8803
SuiteCRM up to and including 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
Salesagility Suitecrm
6.5
CVSSv3
CVE-2020-8804
SuiteCRM up to and including 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-45903
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM prior to 7.10.35, and 7.11.x and 7.12.x prior to 7.12.2, allows a remote malicious user to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2...
Salesagility Suitecrm
7.8
CVSSv3
CVE-2020-15301
SuiteCRM up to and including 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-39268
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed.
Salesagility Suitecrm
8.1
CVSSv3
CVE-2015-5947
SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code.
Salesagility Suitecrm
6.5
CVSSv3
CVE-2022-0754
SQL Injection in GitHub repository salesagility/suitecrm before 7.12.5.
Salesagility Suitecrm
4.3
CVSSv3
CVE-2022-0755
Missing Authorization in GitHub repository salesagility/suitecrm before 7.12.5.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2018-15606
An XSS issue exists in SalesAgility SuiteCRM 7.x prior to 7.8.21 and 7.10.x prior to 7.10.8, related to phishing an error message.
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »